BIOMETRIC CERTIFICATES
BACKGROUND OF THE INVENTION

1. FIELD OF THE INVENTION

This disclosure relates generally to the field of secure 
communications, and in particular to the issuance and 
management of certificates for authenticating messages. 

2. DESCRIPTION OF RELATED ART 

The use of computer networks and telecommunication systems 
for various transactions has markedly increased in recent 
years. Traditional transactions such as shopping, purchasing, 
banking, and investment services have experienced growth in new
directions due to the application of computers and
telecommunications.

While traditional transactions have heretofore been 
conducted typically on a person-to-person basis, many 
telecommunication-based transactions are conducted remotely and 
sight-unseen; i.e. the participants in telecommunication-based 
transactions may never meet. 

With such telecommunication-based transactions, there is 
an increasing need to recognize and verify the authenticity of 
a remote user of electronic services, including such services 
involving consumers of all types of electronic transactions 
such as purchases over the Internet, home banking, electronic 
transfers of funds, and electronic brokerage services. Such 
electronic transactions may also involve users of remote
repositories of data, for example, to access classified
records, medical records, billing records, and unclassified but
sensitive data, such as company records. Other relevant areas
requiring adequate or even absolute security include
authentication of signers of electronic documents such as
contracts. In general, any electronic service of value,
provided over a local network or a public network, requires
authentication of the requester in order to protect the value
of the service. More valuable services typically require a
greater degree of authentication.

Historically, access to electronic services has been 
provided through identification techniques such as account 
names and authentication techniques such as personal 
identification numbers (PINs) and passwords. Such 
authentication techniques have not proven to be very secure
since PINs and passwords are often easily guessed, hard to 
remember, or subject to discovery by exhaustive automated 
searches. Recently, digital certificates have emerged as a 
leading candidate for authenticating electronic transactions. 

Ideally, a digital certificate, such as those defined by
the X.509 and ANSI X.9 standards, allows users or buyers and
sellers to authenticate electronic documents and electronic
transactions in a manner analogous to the authentication of
documents by a Notary Public in person-to-person transactions.
The combination of cryptographic techniques, including public
key cryptography, and the use of digital certificates provides 
greater integrity, privacy and a degree of authentication for 
on-line electronic transactions which instills a greater level 
of confidence in the electronic services consumer. 

For example, such authenticating certificates in the prior
art may be generated by concatenating a message and a public
key with a set 10 of data as shown in FIG. 1, which may be in a
sequence and which may include a subject unique ID 12
corresponding to the subject; that is, the individual or entity
such as a corporation, having the public key. As shown in FIG.
1, other fields in the set 10 of data may include a version
number, a serial number for the certificate with respect to a
sequence of generated certificates, the name of the issuer, a
validity period to determine an expiration of validity of the
certificate, a subject name identifying the user or individual
sending the transaction, an issuer unique ID number, and other
data extensions indicating privileges and attributes of the
certificate, such as access privileges.

The subject unique ID 12 of the user may include M bits 
representing, for example, a social security number or a
password associated with the user sending the transaction.
Typically,

M ≈ 50 bits ≈ 6 bytes or less.

The authenticating certificate, being the concatenation of
the set 10 of data with the public key and the transaction
data, is then processed, for example, using a hash function
such as a one-way hashing function, to generate a hashed value.
The hashed value is then signed; that is, encrypted, using the
private key of the user to generate a digital signature 14.
The digital signature 14 is then appended to the authenticating
certificate and the message, such as an electronic transaction,
for transmission over, for example, a network.

The X.509 and ANSI X.9 standards described above 
incorporate a hash function to generate unique digital
signatures 14 from a respective set 10 of data. Such one-way
hashing functions enable the transaction data to be
computationally infeasible to derive solely from the hash
value.

While the use in the prior art of authenticating 
certificates incorporating digital certificates improves
transactions employing electronic authentication, it still
falls short of actually authenticating a human transactor, such
as a consumer. Instead, such digital certificates in the prior
art only authenticate the private cryptographic key used in the
transaction or signature. Since private keys are physically
stored on computers and/or electronic storage devices, such
private keys are not physically related to the entities
associated with the private keys. For example, a private key
is assigned to an entity, which may be a group of people, an
organization such as a company, or even groups of
organizations, and so private keys are not limited to actual
human individuals.

Identification indicia of individuals may be subdivided
into three broad categories: indicia based on the physical
characteristics of the individual, that is, what the individual
is; indicia based on one's knowledge, such as passwords known
to the individual; and indicia based on assigned information,
that is, what another individual has associated with the
identified individual, or what the identified individual
chooses with which to be associated. The first category having
physical indicia relates to the biometric data of an
individual, and includes characteristic features such as
genetic composition, fingerprints, hand geometry, iris and
retinal appearance, etc., which are unique to each individual,
with known exceptions such as the identical genetic
compositions of twins.

The second and third categories having known and/or
assigned indicia include information which the individual
knows and/or is charged with memorizing and divulging for
authentication, such as social security number, mother's maiden
name, access codes such as long distance calling card numbers,
and personal passwords. The second category also includes
information and/or objects which the individual owns and/or is
charged with carrying and divulging for authentication, such as
driver's licenses and passports.

Private keys are assigned indicia. Accordingly, the lack 
of physical identification of a human transactor with a private
key is a flaw in authentication techniques in the prior art
using such private keys. Other authentication and security
techniques in the prior art are similarly flawed, since many
authentication and security techniques rely on identification
indicia of the second category. 

Techniques are known in the art for authenticating an 
individual based on identification indicia of the first
category; that is, by physical characteristics. For example,
U.S. Patent No. 4,641,349 to Flom et al. discloses a system for
performing iris recognition. Typically, such physical
characteristics identifying techniques require complicated
computational operations for the capture and accurate
classification of physical characteristics, since such physical
characteristics are unique to each individual. Accordingly,
the identification indicia for such physical characteristics
generally require a relatively large amount of memory to store
and classify such identification indicia.

Heretofore, the relatively large computational demands of
authentication techniques based on physical characteristics have
prevented such authentication techniques from being implemented
in electronic transactions.

SUMMARY OF THE INVENTION

It is recognized herein that biometric identification and 
classification in the authentication of electronic transactions 
provides for increased security and accuracy. 

A biometric certification system and method are disclosed 
herein which implement an end-to-end security mechanism
binding the biometric identification of consumers with digital
certificates. The biometric certification system authenticates
electronic transactions involving a user, and includes a
biometric input device which responds to a set of physical
characteristics of the user, and generates corresponding first
biometric data related to the physical condition of the user. 

Biometric data is pre-stored as biometric certificates in 
a biometric database of the biometric certificate management 
system by receiving data corresponding to physical 
characteristics of registered users through a biometric input
device. Subsequent transactions to be conducted over a network
have transaction biometric data generated from the physical
characteristics of a current user, which is then appended to
the transaction first data, and which then authenticates the
user by comparison against the pre-stored biometric data of the
physical characteristics of users in the biometric database.

BRIEF DESCRIPTION OF THE DRAWINGS 

The features of the disclosed biometric certification 
system and method are readily apparent and are to be understood
by referring to the following detailed description of the 
preferred embodiments of the present invention, taken in 
conjunction with the accompanying drawings, in which: 

FIG. 1 illustrates an authenticating certificate in the 
prior art;

FIG. 2 illustrates a biometric certificate of the 
disclosed biometric certification system and method; 

FIG. 3 illustrates a biometric certificate registration 
apparatus; 

FIG. 4 illustrates an electronic transaction transmission
section; and

FIG. 5 illustrates an electronic transaction reception and 
processing section. 

DESCRIPTION OF THE PREFERRED EMBODIMENTS

Referring in specific detail to the drawings, with common 
reference numbers identifying similar or identical elements, 
steps, and features, as shown in FIG. 2 the present disclosure 
describes a biometric certification system and method for
generating biometric certificates from a set 16 of data,
including a subject unique ID 18 and biometric data 20. A
digital signature 22 generated using data set 16 is then 
appended to the data set 16 to form the biometric certificate, 
as shown in FIG. 2. 

The disclosed biometric certification system is shown in
FIGS. 3-5, having biometric registration section 24 shown in
FIG. 3, a transmitting section 40 shown in FIG. 4, and a
receiving section 42 shown in FIG. 5. The biometric
registration section 24 processes user biometrics and
associated inputs to generate biometric certificates which are
unique to the user, and which are stored in a memory such as a
biometric database and/or a smart card memory. Once such
biometric certificates are stored, a first user may conduct
biometrically-secured electronic transactions sent from the
transaction transmission section 40 of FIG. 4 to the
transaction reception section 42 of FIG. 5, at which the
electronic transaction is authenticated and processed. 

Referring to FIG. 3, the registration section 24 has a set 
of input devices, including a registration biometric input
device 26 and a user data input device 28. The biometric input
device 26 generates registration biometric data from the
physical characteristics of the user, such as fingerprints,
hand geometry, iris and retinal appearance, and speech
patterns.

The registration biometric input device 26 may include
visual cameras and/or other visual readers to input
fingerprints, hand geometry, iris appearance, and retinal
appearance. For example, companies such as IDENTIX, FUJITSU,
and AUTHENTEC provide such equipment for reading fingerprints,
while RECOGNITION SYSTEMS provides equipment to read hand
geometry. EYE-DENTIFY is an example of a company which 
provides retinal imaging devices, while IRISCAN and SENSAR are 
examples of companies which provide iris imaging devices. 

Alternatively, the registration biometric input device 26
may be adapted to receive audio characteristics of a user. For
example, a microphone in conjunction with a speech digitizer
may be used to receive and digitize speech. Such companies as
BBN, T-NETIX, and ALPHA-TEL provide such equipment for
receiving and digitizing speech to generate corresponding
biometric data.

Biometric input devices known in the art may be used to
receive other physical characteristics such as facial and body
appearance via, for example, a camera, as well as the genetic
composition of the user by means of genetic material gathering
procedures, such as blood lancets.

The biometric certificate as shown in FIG. 2 may be 
generated by processing the registration biometric data from 
the registration biometric input device 26, processing the user 
input data such as a user ID from the user data input device 
28, and processing the public key 30 of the user at a biometric
certificate generator 32 of a registration authority 34. Such
input data are processed with the private key 36 of a
certifying authority to generate a digital biometric
certificate 38 which is sent to the memory for storage and
subsequent use to authenticate the first user and associated
electronic transactions of the first user. 

The registration biometric data 20 to be incorporated into 
the biometric certificate of FIG. 2 is obtained directly from 
the physical characteristics of the subject through the 
biometric input device 26. The subject unique ID 18 of the
user may include M bits, in which typically M ≈ 50 bits ≈ 6
bytes or less, while the biometric data 20 typically includes
much more data than the subject unique ID 18. Generally, the
biometric data 20 has N bits in which N may be very large, such
as about 500 bytes. In fact, the amount of the biometric data
20 is unlimited; for example, a fingerprint may be visually
scanned to any resolution to obtain key fingerprint aspects
which uniquely distinguish fingerprints, or alternatively to
obtain data representing pixels of the entire fingerprint.
Accordingly, the biometric data 20 may require large amounts of
memory for storage such as 2 kB or even 4 MB. Accordingly, in 
the preferred embodiment, N is much greater than M. 

Prior to use of the disclosed biometric certification 
system and method, the biometric database 66 is built using, 
for example, a registration process in which individuals are
required to provide proof of identity; that is, identification
information such as a birth certificate, a driver's license,
current bank account data, credit card account data, etc. to be
provided to a registration authority. Once the registration
authority is satisfied with such proof, the identification
information is entered into the registration system 24 and 
biometric measurements are then taken concurrently using at 
least one biometric input device 26, as shown in FIG. 3. 

Such stored biometric measurements form the pre-stored
biometric data in the biometric database 66 which corresponds
to the pre-registered individuals who have undergone the
registration process described above. Accordingly,
pre-registered individuals may be properly authenticated, while
unregistered individuals are rejected, within the cross-over
error rate.

The biometric certificates 38 are then sent to be stored 
in a memory, such as a biometric database or a memory of a 
smart card, as shown as the memory 66 in FIG. 5. The 
registration system 24 of FIG. 3 may be located at a central 
registration station associated with a network, such that the
corresponding biometric certificates of a user may be directly
and securely stored in the memory 66, such as a central
biometric database of a network or an individual memory of a
smart card of the user. Accordingly, the central biometric
database as the memory 66 may serve a network of users
conducting transactions, such as electronic commerce
(E-commerce), over the Internet and other networks.
Alternatively, a smart card of the first user having the memory
66 may pre-store the biometric certificates, such that kiosks
and other devices such as terminals and automatic teller
machines (ATMs) may access the memory 66 and obtain the secured
biometric certificate of the first user. 

Referring to FIGS. 4-5, to conduct an electronic 
transaction, the first user uses the transaction system 40 in 
FIG. 4. The first user uses a transaction biometric input
device 44 to generate transaction biometric data 46 as
contemporaneous biometrics associated with the first user. The
first user also generates transaction first data 50 through a
transaction data input device 48. For example, the transaction
first data 50 may include selections of products to be
purchased over the Internet, or may include electronic funds
transfers through an ATM. The transaction first data 50 also
includes user ID data identifying the first user and
associating the first user with the remainder of the
transaction first data.

Both of the transaction biometric data 46 and the 
transaction first data 50 are sent over the network 60 
unchanged and in the clear, or optionally encrypted by 
additional encryption techniques known in the art, to be 
received by the transaction reception section 42, as shown in
FIG. 5. 

In addition, at the transaction transmission section 40 of 
FIG. 4, both of the transaction biometric data 46 and the 
transaction first data 50 are processed, for example, using a
first hash function 52, such as a one-way hashing function, to
generate a first hashed value. RSA and SHA-1 are examples of
public key cryptographic methods and one-way hashing which may
be used for such encryption and hashing functions. The RSA
method is described, for example, in U.S. Patent No. 4,405,829
to Rivest et al., which is incorporated herein by reference.
The SHA-1 method is described, for example, in U.S. Patent No.
5,623,545 to Childs et al., which is incorporated herein by
reference.

The first hashed value is then sent to a digital signature 
function 54, in which the hashed value is signed; that is,
encrypted, using the private key 56 of the first user to 
generate a digital signature 58, incorporating the first hash 
value. The digital signature 58 is then sent to the network 
60. 

The set of data transmissions constituting the transaction
biometric data 46, the transaction first data 50, and the
digital signature 58 may be sent as separate bitstreams and/or
data packets, or otherwise may be sent together by appending
the associated data sequences using a concatenator, such as an
adder for bitwise adding of the data sequences. In addition,
software may be used to append such data. The data 46, 50, and
58 may be sent to the network 60, which may include telephone
networks, satellite communications, and/or the Internet.

Referring to FIG. 5, after receiving the electronic
transaction from the network 60, the receiving section 42 sends
the user ID data 62 from the transaction first data 50
to a biometric certificate extractor 54. The biometric
certificate extractor 54 uses the user ID data 62 to access a
corresponding biometric certificate stored in the memory 66,
such as the biometric database or smart card memory. That is,
if the first user had previously stored corresponding biometric
certificates generated from biometric characteristics of the
first user using the registration system 24 shown in FIG. 3,
the biometric certificate of the first user may be indexed
according to the user ID data, such as the social security
number, of the first user.

The memory 66 may receive the user ID data 62, or 
otherwise may receive a command from the biometric certificate 
extractor 64 to retrieve any biometric certificate 
corresponding to the user ID data 62 of the first user. If
none are available, the receiving section 42 may generate a
rejection signal, for example, at the biometric certificate
extractor 64, to indicate that no biometric certificate is
available.

Accordingly, any user requesting authentication of an
electronic transaction but failing to be registered; that is,
to have a corresponding pre-stored biometric certificate stored
in the memory 66, is not authenticated. The receiving section
42 may generate a corresponding message of non-authentication,
and may also send such a message through the network 60 to the
transmitting section 40 to indicate no authenticity in the
transaction.

Otherwise, if a biometric certificate is available for the
first user having corresponding user ID data, the biometric
certificate 68 is retrieved and sent to the biometric
certificate extractor 64 to decrypt the biometric certificate
68 using the public key 70 of the certifying authority. Thus,
the biometric certificate extractor 64 obtains the decrypted
registration biometric data 72 and the decrypted user public
key 74 associated with the first user.

The decrypted user public key 74 is then sent to a 
decryptor to decrypt the digital signature 58 sent over the 
network 60 from the transmitting section 24. The decryptor 76
then extracts the first hash value which was incorporated into
the digital signature 58 by the first hash function 52.

The receiving section 24 authenticates the first hash 
value by attempting to recreate the first hash value using a 
second hash function 78 which is identical to the first hash 
function 52 of the transmitting section 24. The second hash
function 78 receives the transaction biometric data 46 and the
transaction first data 50 from the network 60, which were sent
from the transmitting section 24 in the clear, or optionally
encrypted by additional encryption techniques known in the art.
The second hash function 78 thus generates a second hash value
from the same input data applied to the first hash function 52.

The first and second hash values are then compared by a
first classifier 80, such as a comparator or matching routines 
in software, for determining a match between the first and 
second hash values. A first validation signal 82 is generated 
30 to indicate whether or not both independently generated hash 
values match. 

If both match, then the receiving section 42 thus
determines that both of the transaction biometric data 46 and
the transaction first data 50, in combination, are authentic
and have not been modified during transmission over the network
60.

In addition, the receiving section 42 determines whether 
the electronic transaction is indeed from the indicated user 
corresponding to the transaction biometric data 46; that is, 
transaction biometric data 46 may not be authentic, or
alternatively, the decrypted user public key 74 may be a public
key 74 commonly shared by a specific group of people such as 
employees of a specific company. 

Accordingly, the receiving section 42 compares the
biometric data of the first user generated during the
transaction, as the transaction biometric data 46, with the
registration biometric data generated at an earlier date from
the first user during a registration process using the
registration system 24. The registration biometric data, which
is decrypted by the biometric certificate extractor 64 to be
the decrypted registration biometric data 72, is applied to a
second classifier 84 to be compared to the transaction
biometric data 46 which is sent over the network 60 in the
clear, or optionally encrypted by additional encryption
techniques known in the art.

The second classifier 84 may be a comparator, or 
alternatively a software routine or other hardware/software
devices implementing data matching techniques, for comparing
the biometric data to obtain a decision value. Alternatively,
the second classifier 84 may be a trained neural network and/or
a fuzzy logic classifier for classifying whether or not, within
an error tolerance, the sets of biometric data 46, 72 were
obtained from the same individual using biometric input
devices. Such classification methods for authentication of
images and data sequences using neural networks are described,
for example, in U.S. Patent No. 5,619,620 to Eccles, which is 
incorporated herein by reference. 

The second classifier 84 then generates a decision in the 
form of a second validation signal 86, which may be logic 
values corresponding to YES or NO, or TRUE or FALSE, indicating
verification of the authenticity of the user sending the
electronic transaction. Alternatively, the authentication
decision may be a numerical value, for example, corresponding
to a percentage of confidence of authenticity. The second
classifier 86 may include a predetermined threshold of, for
example, 98% authenticity, to be exceeded in order to proceed 
with the processing of the electronic transaction. 

The receiving section 42 shown in FIG. 5 may respond to 
the validation signals 82, 86 to process the transaction first 
data 50, such as an on-line purchase or an electronic funds
transfer. Accordingly, transaction processing systems (not 
shown) may also be included in the receiving section 42. 
Alternatively, the receiving section 42 of FIG. 5 may be 
coupled to external transaction processing systems. 

In another alternative embodiment, the receiving section
may include an AND circuit 88 shown in FIG. 5, such as a logic
AND gate or other logic mechanisms, for generating a final
validation signal 90 from the validation signals 82, 86.
Accordingly, if and only if both of the classifiers 80, 84
determine that the transaction biometric data 46 as well as the
transaction first data 50 have been sufficiently securely
transmitted over the network 60, then a final validation signal
90 reflecting the security of the overall transaction is
generated.

Although the first classifier 80 is a perfect classifier;
that is, only an exact match of the hash values generates an
authentication, the second classifier 84 may generate
percentages reflecting relative authenticity and/or scaled
numerical values on an authenticity scale to reflect the error
tolerance of the second classifier 84 and/or the cross-over
error rates associated with biometrics. Accordingly, the 
application of fuzzy logic may be used to generate a crisp 
determination of the authenticity of the transaction biometric 
data 46 as the second validation signal 86. 
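
The registration, transmission and reception flow of FIGS. 3-5 as a runnable sketch; this is an added example, not part of the patent text. It assumes SHA-256 in place of SHA-1, unpadded toy RSA keys built from publicly known Mersenne primes (illustration only, not secure), a bit-agreement score standing in for the second classifier 84, and constructed templates; all function, class and variable names are hypothetical.

```python
import hashlib
from dataclasses import dataclass, replace
from typing import NamedTuple

E = 65537         # RSA public exponent (assumption; the page names none)
THRESHOLD = 0.98  # the page's example figure: 98% must be exceeded

def toy_keypair(a, b):
    """Unpadded RSA from the Mersenne primes 2**a-1 and 2**b-1. The primes are
    public knowledge, so this shows the data flow only and protects nothing."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus n, private exponent d)

def hash_fields(*fields):
    """One-way hash over length-prefixed fields (SHA-256 swapped in for SHA-1)."""
    h = hashlib.sha256()
    for f in fields:
        h.update(len(f).to_bytes(4, "big") + f)
    return int.from_bytes(h.digest(), "big")

@dataclass(frozen=True)
class BiometricCertificate:  # FIG. 2: data set 16 with signature 22 appended
    user_id: bytes
    reg_biometric: bytes
    user_pub: int
    ca_sig: int

@dataclass(frozen=True)
class Transaction:           # the three items sent over network 60
    user_id: bytes
    tx_data: bytes
    tx_biometric: bytes
    sig: int

class Verdict(NamedTuple):
    first: bool   # validation signal 82: hash values match exactly
    second: bool  # validation signal 86: biometric data match within tolerance
    final: bool   # validation signal 90: AND of the two
    reason: str

def register(user_id, reg_biometric, user_pub, ca_n, ca_d):
    """FIG. 3: the certifying authority signs ID, biometric data and public key."""
    h = hash_fields(user_id, reg_biometric, str(user_pub).encode())
    return BiometricCertificate(user_id, reg_biometric, user_pub, pow(h, ca_d, ca_n))

def transmit(user_id, tx_data, tx_biometric, user_n, user_d):
    """FIG. 4: hash transaction data plus live biometric, sign with the user key."""
    h = hash_fields(user_id, tx_data, tx_biometric)
    return Transaction(user_id, tx_data, tx_biometric, pow(h, user_d, user_n))

def similarity(a, b):
    """Fraction of agreeing bits: a simple stand-in for second classifier 84."""
    if len(a) != len(b) or not a:
        return 0.0
    differing = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return 1 - differing / (8 * len(a))

def receive(tx, memory, ca_n):
    """FIG. 5: look up the certificate by user ID, then run both classifiers."""
    cert = memory.get(tx.user_id)
    if cert is None:
        return Verdict(False, False, False, "no biometric certificate")
    signed = hash_fields(cert.user_id, cert.reg_biometric, str(cert.user_pub).encode())
    if pow(cert.ca_sig, E, ca_n) != signed:
        return Verdict(False, False, False, "certificate not signed by CA")
    first_hash = pow(tx.sig, E, cert.user_pub)  # recovered from the signature
    second_hash = hash_fields(tx.user_id, tx.tx_data, tx.tx_biometric)  # recomputed
    first = first_hash == second_hash
    second = similarity(cert.reg_biometric, tx.tx_biometric) > THRESHOLD
    ok = first and second
    return Verdict(first, second, ok, "accepted" if ok else "rejected")

def flip_bits(data, positions):
    out = bytearray(data)
    for pos in positions:
        out[pos // 8] ^= 1 << (pos % 8)
    return bytes(out)

# Constructed sample data: toy keys, 512-bit templates and one enrolled user.
CA_N, CA_D = toy_keypair(1279, 2203)
USER_N, USER_D = toy_keypair(521, 607)
ENROLLED = hashlib.sha512(b"constructed enrolment template").digest()
LIVE = flip_bits(ENROLLED, [3, 77, 190, 301, 444])  # same person, 5 noisy bits
OTHER = hashlib.sha512(b"constructed template of someone else").digest()
MEMORY = {b"user-0001": register(b"user-0001", ENROLLED, USER_N, CA_N, CA_D)}

def scenarios():
    genuine = transmit(b"user-0001", b"transfer 100", LIVE, USER_N, USER_D)
    wrong_person = transmit(b"user-0001", b"transfer 100", OTHER, USER_N, USER_D)
    unknown = transmit(b"user-0002", b"transfer 100", LIVE, USER_N, USER_D)
    cases = {"genuine": genuine,
             "modified in transit": replace(genuine, tx_data=b"transfer 900"),
             "right key, wrong person": wrong_person, "unregistered": unknown}
    return {name: receive(tx, MEMORY, CA_N) for name, tx in cases.items()}

if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name:24} {verdict}")
```

The "right key, wrong person" case passes the first classifier and fails the second, which is the gap in key-only authentication that the background section describes.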

Using biometric certificates, cross-over error rates for
identification and authentication may be below about 2.0%, and
may even be as low as about 0.5%. The application of more
advanced biometric input devices 26, 44 and classifiers 80, 84
known in the art may obtain substantially perfect
authentication of any individual from the global population.

The disclosed biometric certification system and method 
may include electronic transactions using a network as 
described in commonly assigned U.S. Patent Application No. 
08/770,824, filed December 20, 1996 and entitled "VIRTUAL 
CERTIFICATE AUTHORITY", which is incorporated herein by
reference. Such a system can be adapted to include the use of
biometric certificates as described herein for
cryptographically binding the biometric data of a user with
identification information to form such biometric certificates.

The use of public key technology allows the
transaction/signature authentication process to be done either
centrally or remotely, depending upon the needs of the 
transaction. 

While the disclosed biometric certification system and 
method is particularly shown and described herein with
reference to the preferred embodiments, it is to be understood
that various modifications in form and detail may be made
therein without departing from the scope and spirit of the
present invention. Accordingly, modifications, such as any
examples suggested herein, but not limited thereto, are to be
considered within the scope of the present invention.

CLAIMS

WHAT IS CLAIMED IS:

1. A biometric certification system for certifying an 
electronic transaction from a user, the electronic transaction 
including transaction biometric data, transaction first data,
and a digital signature generated therefrom, the biometric
certification system comprising:

a biometric certificate extractor, responsive to a
biometric certificate corresponding to user identification (ID)
data included in the transaction first data, for extracting
registration biometric data and a user public key therefrom;

a decryptor, responsive to the registration biometric
data and to the user public key, for retrieving a first hash
value from the digital signature;

a hash function, responsive to the transaction
biometric data and the transaction first data, for generating a
second hash value therefrom; and

a first classifier for comparing the first hash value
to the second hash value, and for generating a first validation
signal to authenticate the transmission of the transaction
first data and the transaction biometric data. 

2. The biometric certification system of claim 1, 
wherein the biometric certificate is in the form of a sequence,
including:

the registration biometric data; 
user input data; 
the public key of the user; and 
the digital signature. 

3. The biometric certification system of claim 2, 
wherein the portion of the bit sequence including the first 
biometric data is greater than about 500 bytes in length. 

4. The biometric certification system of claim 1,
wherein the first classifier includes a processor for
performing data matching procedures. 

5. The biometric certification system of claim 1, 
further comprising: 

a second classifier for comparing the registration 
biometric data and the transaction biometric data, and for 
generating a second validation signal to authenticate the user. 

6. The biometric certification system of claim 1, 
wherein the second classifier is a neural network trained from 
a set of biometric data stored in the biometric database. 

7. A biometric certification system for authenticating 
an electronic transaction involving a user, the electronic 
transaction including transaction biometric data, transaction 
first data, and a digital signature generated therefrom, 
comprising:

a transmitting section including: 

a transaction biometric input device responsive 
to a set of physical characteristics of the user, the 
transaction biometric input device generates corresponding 
transaction biometric data related to the physical condition of 
the user; 

a first hash function generator, responsive to 
transaction first data and the transaction biometric data, for 
generating a first hash value signal therefrom; 

a digital signature generator which generates a
digital signature from the hash value and a private key signal
of the user; and

a receiving section operatively connected to the
transmitting section through a network, the receiving section
including:

a biometric certificate extractor, responsive to
a biometric certificate corresponding to user identification
(ID) data included in the transaction first data, for
extracting registration biometric data and a user public key
therefrom;

a decryptor, responsive to the registration 
biometric data and to the user public key, for retrieving the 
first hash value from the digital signature; 

a second hash function generator, responsive to 
the transaction biometric data and the transaction first data, 
for generating a second hash value therefrom; and 

a first classifier for comparing the first hash 
value to the second hash value, and for generating a first 
validation signal to authenticate the transmission of the 
transaction first data and the transaction biometric data. 

8. The biometric certification system of claim 7, 
wherein the transaction biometric input device is a visual 
reader which obtains hand geometry images of the user to 
generate corresponding biometric data.

9. The biometric certification system of claim 7, 
wherein the transaction biometric input device is a visual 
reader which obtains iris images of the user to generate 
corresponding biometric data. 

10. The biometric certification system of claim 7, 
wherein the transaction biometric input device is a visual 
reader which obtains retinal images of the user to generate 
corresponding biometric data. 

11. The biometric certification system of claim 7, 
wherein the transaction biometric input device is a visual 
reader which obtains facial images of the user to generate 
corresponding biometric data. 

12. The biometric certification system of claim 1,
wherein the transaction biometric input device is a visual
reader which obtains body images of the user to generate
corresponding biometric data.

13. The biometric certification system of claim 7,
wherein the transaction biometric input device includes:

a sound transducer that receives speech from the
user; and

a speech digitizer which digitizes the received
speech to generate corresponding biometric data.

14. The biometric certification system of claim 1, 
wherein the second classifier is a neural network trained from 
a set of biometric data stored in the biometric database. 

15. The biometric certification system of claim 1,
further comprising:

a logic circuit for generating a final validation
signal from the first and second validation signals.

16. A method for authenticating an electronic transaction 
involving a first user, comprising the steps of: 

registering a user, including the steps of: 

receiving a registration set of physical
characteristics of the user at a biometric input device;

generating registration biometric data
corresponding to the registration set of physical
characteristics;

generating a biometric certificate from the
registration biometric data, user input data, the public key of
the user, and a digital signature; and

storing the biometric certificate in a memory;

transmitting an electronic transaction over a
network, the electronic transaction including transaction
biometric data, transaction first data, and a digital signature
generated therefrom, the step of transmitting including the
steps of:

receiving a current set of physical
characteristics of the user;

generating the transaction biometric data from
the current set related to the physical condition of the user;

generating a first hash value signal from the
transaction first data and the transaction biometric data;

generating the digital signature from the hash
value and a private key signal of the user; and

transmitting the digital signature over the
network; and

transmitting the transaction biometric data and
the transaction first data over the network; and

authenticating the electronic transaction, including
the steps of:

receiving the digital signature, the transaction
biometric data and the transaction first data from the network;

retrieving user identification (ID) data from
the transaction first data;

retrieving a biometric certificate corresponding
to user ID data from a memory;

extracting registration biometric data and the
user public key from the biometric certificate;

decrypting the digital signature using the user
public key to retrieve the first hash value from the digital
signature;

generating a second hash value from the
transaction biometric data and the transaction first data;

comparing the first hash value to the second
hash value using a first classifier;

generating a first validation signal to
authenticate the transmission of the transaction first data and
the transaction biometric data;

comparing the registration biometric data and
the transaction biometric data using second classifier; and

generating a second validation signal to
authenticate the user.

17. The method of claim 16, wherein the step of 
authenticating further comprises the steps of: 

ANDing the first and second validation signals. 
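
The transmit and authenticate steps of claims 16 and 17, written out as an added example (not code from the patent or its applicants). Assumptions, all hypothetical: textbook RSA with a constructed toy key, SHA-256 as the hash function, an `id|payload` layout for the transaction first data, and a bit-distance threshold standing in for the neural-network second classifier.

```python
import hashlib

# Constructed toy key: textbook RSA without padding, built from two Mersenne
# primes so the block runs offline. Illustration only, not a production scheme.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))   # D is the user's private key

def hash_value(first_data: bytes, biometric: bytes) -> int:
    # Length-prefix the first field so the two inputs cannot be re-split.
    msg = len(first_data).to_bytes(4, "big") + first_data + biometric
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def sign(first_data: bytes, biometric: bytes) -> int:
    # Transmitting section: hash both inputs, then apply the private key.
    return pow(hash_value(first_data, biometric), D, N)

def bit_distance(a: bytes, b: bytes) -> int:
    diff = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return diff + 8 * abs(len(a) - len(b))

# Constructed registration sample (512 bytes) and certificate store ("memory").
REG = bytes(range(256)) * 2
CERT_STORE = {"alice": {"registration_biometric": REG, "public_key": (N, E)}}

def authenticate(first_data, tx_biometric, signature, max_bits=16):
    """Return (first validation signal, second validation signal, final)."""
    # Assumed "id|payload" layout for the transaction first data.
    user_id = first_data.split(b"|", 1)[0].decode(errors="replace")
    cert = CERT_STORE.get(user_id)
    if cert is None:
        return (False, False, False)
    n, e = cert["public_key"]
    first_hash = pow(signature, e, n)                   # decryptor
    second_hash = hash_value(first_data, tx_biometric)  # receiver's hash function
    v1 = first_hash == second_hash                      # first classifier
    # Second classifier: a bit-distance threshold stands in for the neural network.
    v2 = bit_distance(cert["registration_biometric"], tx_biometric) <= max_bits
    return (v1, v2, v1 and v2)                          # claim 17: AND the signals

def demo():
    data = b"alice|pay 10 to bob"
    fresh = bytes([REG[0] ^ 0x07]) + REG[1:]      # same user, 3 bits of sensor noise
    other = bytes(b ^ 0xFF for b in REG)          # a different person's sample
    sig = sign(data, fresh)
    return {
        "genuine": authenticate(data, fresh, sig),
        "altered_data": authenticate(b"alice|pay 9000 to bob", fresh, sig),
        "wrong_person": authenticate(data, other, sign(data, other)),
        "unknown_id": authenticate(b"mallory|pay 10 to bob", fresh, sig),
    }

if __name__ == "__main__":
    for case, signals in demo().items():
        print(case, signals)
```

In the `wrong_person` case the signature verifies under the registered key, so the first validation signal alone passes; only the second classifier, and therefore the ANDed result, rejects the transaction.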

18. The method of claim 15, wherein the step of receiving 
a set of physical characteristics of the user includes the step 
of: 

receiving visual characteristics of the user using a 
visual reader as the registration biometric input device. 

19. The method of claim 15, wherein the step of receiving 
a set of physical characteristics of the user includes the step 
of: 

receiving speech characteristics of the user using a 
speech digitizer as the registration biometric input device. 

20. The method of claim 15, wherein the step of 
generating the registration biometric data includes the step of 
generating a bit sequence greater than about 500 bytes in 
length as the registration biometric data. 



WO 98/50875    PCT/US98/09770

Sheet 1/4

[FIG. 1 (PRIOR ART): authenticating certificate with the fields version number, serial number, issuer name, validity period, subject name, subject public key, issuer unique ID, subject unique ID, privilege and attribute extensions, and digital signature.]

[FIG. 2: biometric certificate with the fields version number, serial number, issuer name, validity period, subject name, subject public key, issuer unique ID, subject unique ID, biometric data, privilege and attribute extensions, and digital signature generated using the set of data 16.]







WORLD INTELLECTUAL PROPERTY ORGANIZATION
International Bureau

PCT

INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)

(51) International Patent Classification: G06K 9/20, H04K 1/00, H04L 9/28, 9/00

A3

(11) International Publication Number: WO 98/50875

(43) International Publication Date: 12 November 1998 (12.11.98)

(21) International Application Number: PCT/US98/09770

(22) International Filing Date: 8 May 1998 (08.05.98)

(30) Priority Data: 60/046,012    9 May 1997 (09.05.97)    US

(71) Applicants: GTE GOVERNMENT SYSTEMS CORPORATION [US/US]; 1209 Orange Street, Wilmington, DE 19801
(US). GTE SERVICE CORPORATION [US/US]; 1209 Orange Street, Wilmington, DE 19801 (US).

(72) Inventors: DULUDE, Robert; 14 Lafayette Circle, Wellesley,
MA 02181 (US). MUSGRAVE, Clyde; 3620 Fairfield
Place, Frisco, TX 75035 (US).

(74) Agents: SUCHYTA, Leonard, Charles et al.; GTE Service
Corporation, 600 Hidden Ridge HQE03G05, Irving, TX
75038 (US).

(81) Designated States: AL, AM, AT, AU, AZ, BA, BB, BG, BR,
BY, CA, CH, CN, CU, CZ, DE, DK, EE, ES, FI, GB, GE,
GW, HU, ID, IL, IS, JP, KE, KG, KP, KR, KZ, LC, LK,
LR, LS, LT, LU, LV, MD, MG, MK, MN, MW, MX, NO,
NZ, PL, PT, RO, RU, SD, SE, SG, SI, SK, SL, TJ, TM, TR,
TT, UA, UG, UZ, VN, YU, ZW, ARIPO patent (GH, GM,
KE, LS, MW, SD, SZ, UG, ZW), Eurasian patent (AM, AZ,
BY, KG, KZ, MD, RU, TJ, TM), European patent (AT, BE,
CH, CY, DE, DK, ES, FI, FR, GB, GR, IE, IT, LU, MC,
NL, PT, SE), OAPI patent (BF, BJ, CF, CG, CI, CM, GA,
GN, ML, MR, NE, SN, TD, TG).

Published

With international search report.

(88) Date of publication of the international search report:
11 February 1999 (11.02.99)

(54) Title: BIOMETRIC CERTIFICATES
(57) Abstract

A biometric certification system includes a biometric
certificates extractor system (64) for extracting biometric
certificates (68) which may be used for authentication in any
electronic transaction having biometric database (66) for
pre-storing the obtained biometric data corresponding to physical
characteristics of registered users throughout a biometric input
device. Subsequent transaction to be conducted over the
network (60) have digital signatures (58) generated from the
physical characteristics of a current user and from the
electronic transaction. The electronic transaction is
authenticated by comparing the hash values in the digital
signature with re-created hash values. The user is
authenticated by comparison against the pre-stored biometric
certificates of the physical characteristics of the users in the
biometric database.








INTERNATIONAL SEARCH REPORT

International application No. PCT/US98/09770

A. CLASSIFICATION OF SUBJECT MATTER

IPC(6): G06K 9/20; H04K 1/00; H04L 9/28, 9/00
US CL: Please See Extra Sheet.
According to International Patent Classification (IPC) or to both national classification and IPC

FIELDS SEARCHED

Minimum documentation searched (classification system followed by classification symbols)
U.S.: 382/115, 116-118, 124, 155, 190; 395/21; 380/2, 9, 23-25, 28, 46; 178/22

Documentation searched other than minimum documentation to the extent that such documents are included in the fields searched

Electronic data base consulted during the international search (name of data base and, where practicable, search terms used)
APS: BIOMETRIC, FINGERPRINT, IRIS, EYE, SPEECHM, VOICE, HASH, ENCRYPT, DECRYPT, NEURAL, EXTRACT,
CLASS

C. DOCUMENTS CONSIDERED TO BE RELEVANT

Category*: Y, Y

Citation of document, with indication, where appropriate, of the relevant passages, followed by the claims to which it is relevant:

US 4,868,877 A (FISCHER) 19 SEPTEMBER 1989,
see Abstract, col. 10, and figs. 1-4. Relevant to claim No. 1, 7, 16

US 4,405,829 A (RIVEST et al.) 20 SEPTEMBER 1983, see
Abstract, col. 1-6, and fig. 7. Relevant to claim No. 1, 7, 16

US 5,623,545 A (CHILDS et al.) 22 APRIL 1997,
see Abstract, col. 1-6, and figs. 1-11. Relevant to claim No. 1, 7, 16

US 4,641,349 A (FLOM et al.) 03 FEBRUARY 1987, see Abstract,
col. 1-13, and figs. 2-7. Relevant to claim No. 1-20

US 5,263,097 A (KATZ et al.) 16 NOVEMBER 1993, see Abstract,
col. 1-9, and fig. 3-7. Relevant to claim No. 1-20

Date of the actual completion of the international search: 25 SEPTEMBER 1998

Date of mailing of the international search report: 29 OCT 1998

Name and mailing address of the ISA/US:
Commissioner of Patents and Trademarks
Box PCT
Washington, D.C. 20231
Facsimile No. (703) 305-3230

Authorized officer: JOSE L. COUSO
Telephone No. (703) 305-3800

Form PCT/ISA/210 (second sheet)(July 1992)

Extra sheet

A. CLASSIFICATION OF SUBJECT MATTER:
US CL: 382/115, 116-118, 124, 153, 190; 395/21; 380/2, 9, 23-25, 28, 46; 178/22

Form PCT/ISA/210 (extra sheet)(July 1992)







